package com.qf.config;



import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * --- 天道酬勤 ---
 *
 * @author QiuShiju
 * @desc
 */
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    // 其实真正执行的是我们自己实现的UserDetailsServiceImpl类

    /**
     * 【新增】配置 BCrypt 密码编码器
     * 作用：注册时加密密码、认证时匹配密码（与 register 方法的加密逻辑一致）
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    // 创建AuthenticationManager对象
    @Bean // 将这个对象放入Spring容器
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean(); // 创建AuthenticationManager对象
    }
    /**
     * 账户认证
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 关联自定义的 UserDetailsService（从数据库加载用户）
        // 并指定 BCrypt 密码编码器（匹配加密后的密码）
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder());



        // 使用UserDetailsService实现类进行认证
        // 暂时都是明文存明文取,没有任何加密
//        auth.userDetailsService(userDetailsService).passwordEncoder(new PasswordEncoder( ) {
//            @Override
//            public String encode(CharSequence rawPassword) {
//                return rawPassword.toString();//此处是对密码加密的,暂时没有加密
//            }
//
//            @Override
//            public boolean matches(CharSequence rawPassword, String encodedPassword) {
//                return encodedPassword.equals(rawPassword.toString());
//            }
//        });


    }

    /**
     * 配置权限信息
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // 匿名访问,放行
                .antMatchers("/utils","/register","/img/**","/user/login","/**/*.js", "/**/*.css").permitAll()
                // 允许匿名访问
                .antMatchers("/hello","/world").anonymous()
                // 允许有指定权限访问
//                .antMatchers("/add").hasAuthority("system:user:add")
//                .antMatchers("/del").hasAuthority("system:user:del")
//                .antMatchers("/update").hasAuthority("system:user:edit")
//                .antMatchers("/list").hasAuthority("system:user:list")
                // 只允许有这个角色访问
                .antMatchers("/get").hasRole("超级管理员")

                // 其他所有资源,认证后(登录)访问
                .antMatchers("/**").authenticated( );
        //   .and( ).formLogin( );
        http.csrf().disable();



    }
}